Bug 127552
| Summary: | after full install, postgresql starts on boot | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alexandre Oliva <oliva> |
| Component: | postgresql | Assignee: | Tom Lane <tgl> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | hhorak |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-08-05 19:51:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Alexandre Oliva
2004-07-09 17:17:09 UTC
> Daemons shouldn't start by default just because they were installed.
Why not? There are an awful lot of daemons running on my system that I can't recall
having explicitly asked to start. sendmail is an immediate counterexample.
Sendmail does nothing unless you actually send messages through it. In the default configuration, it doesn't listen to the external network, just sits there waiting for something to do. And there *will* be something to do, because cron jobs send email and sendmail is what delivers it. postgresql, OTOH, is a database server. There's no point in running it on every machine, just because you happen to do a full install on all of them. It shouldn't create a local database that nobody's going to use. It shouldn't accept connections, especially if there was no action to control access to the database. And if nobody bothered to set up database accounts, nobody is going to use the database, so it shouldn't be there taking up swap and disk space nor slowing the boot down. There's a security principle that says that what isn't strictly necessary shoudln't be running. People published a lot of articles back when we shipped with everything enabled by default just because it was convenient. Firewalls solve only a very small part of the problem. Not running it in the first place, unless you want to, is far safer. Sure enough, not having it installed is even more secure. But lots of people will just do full installs because it's simpler. There's no reason to make their boxes even more of a swiss cheese. Note that apache or squid aren't enabled by default, even though lots of people use it. NFS servers don't run unless you set them up. Most daemons don't run by default. sendmail is the exception, because there are very good reasons to have an MTA available by default. But there's no good reason to have a database server running by default. Not these days, anyway. I have built new RPMs without the chkconfig change, but for now they are just in -HEAD. Should be in rawhide now, then. Confirmed, thanks. |